Alcatel-Lucent Service Router Ethernet OAM

APPLICATION NOTE Alcatel-Lucent Service Router Ethernet OAM Enabling a new level of operational efficiency in Ethernet service networks

Abstract In response to the growing demand for new consumer and business services, service providers are building highly scalable, cost-effective IP/MPLS networks. These networks are being used to deliver a growing volume of Carrier Ethernet services. To assure the quality, performance and reliability of their Carrier Ethernet services, providers need a complete set of operations, administration and maintenance (OAM) tools for Ethernet services and the networks on which they are delivered. Service providers need to be able to troubleshoot Ethernet services and the network from the provider edge all the way to the last mile. Historically, there have been few Ethernet-specific tools that allow service providers to administer their networks in a holistic, end-to-end fashion, or to assure high quality and high performance of end user applications. This paper describes the Ethernet OAM tools that Alcatel-Lucent provides as part of its portfolio of IP/MPLS router platforms (Alcatel-Lucent 7750 Service Router, Alcatel-Lucent 7710 Service Router and Alcatel-Lucent 7450 Ethernet Service Switch). Alcatel-Lucent has developed comprehensive Ethernet OAM tools and has implemented standards-based Institute of Electrical and Electronics Engineers (IEEE ) OAM protocols to address the key needs of service providers.

Table of contents 1 1. Comprehensive OAM tools are key to operational efficiency 1 1.1 The foundation of Carrier Ethernet networks 2 1.2 Importance of well-architected OAM tools 2 2. Alcatel-Lucent Service Router OAM toolkit 3 2.1 Network and service OAM 4 2.2 Service assurance using mirroring and the Service Assurance Agent 4 3. Digital diagnostic monitoring (DDM) OAM tool for SFPs and XFPs 4 3.1 Overview 5 3.2 Features and applications 5 4. IEEE 802.3ah Ethernet in the First Mile (EFM) OAM 5 4.1 Overview 5 4.2 Features and applications 6 5. IEEE 802.1ag Connectivity Fault Management (CFM) OAM 6 5.1 Overview 7 5.2 Features and applications 7 6. MPLS Path and PWE3 OAM 7 6.1 Overview 8 6.2 IP/MPLS OAM tool features and applications 8 6.3 PWE3 OAM tool features and applications 10 7. VPLS MAC OAM 10 7.1 Overview 10 7.2 Features and applications 11 8. Layer 2 and Layer 3 service mirroring 11 8.1 Overview 12 8.2 Features and applications 13 9. Service ping OAM 13 9.1 Overview 13 9.2 Features and applications 14 10. Unified management with Alcatel-Lucent 5620 SAM and 5650 CPAM 16 11. Conclusion 17 12. Abbreviations

1. Comprehensive OAM tools are key to operational efficiency 1.1 The foundation of Carrier Ethernet networks As a technology, Ethernet has a long history in network infrastructures and has been widely deployed in enterprise networks, primarily for LAN switching. Now, a fully standardized Multiprotocoal Label Switching (MPLS)/Virtual Private LAN Service (VPLS) architecture for Ethernet services is being adopted as the de-facto technology of choice in service provider networks. This architecture is ideal for delivering highly scalable, traffic-engineered, resilient and reliable business, mobile and Triple Play applications because of its low-cost overhead and ease of use. With the increasing role of Ethernet in carrier networks, the ability to troubleshoot Ethernet services and the underlying network quickly and efficiently is critical. Figure 1 shows a typical application of Ethernet services in a service provider network. MPLS/VPLSbased Ethernet services go end-to-end, across the network, traversing a variety of physical links. The underlying physical links could be legacy or Ethernet. With the varied use of Ethernet in the WAN, service providers need operations, administration and maintenance (OAM) tools that are capable of troubleshooting Ethernet both as a service and as a physical transport. Virtual Leased Lines (VLLs) and VPLS enable service providers to deliver connection-oriented, scalable, traffic-engineered, resilient and reliable services, with integrated management support. To support these services efficiently and proactively, service providers need automated real-time OAM tools that reduce network complexities and lower operational costs. Figure 1. Ethernet deployments in service provider networks Access Metro aggregation Backbone TDM VLL MPLS PW VPLS Native Ethernet VLL VPLS IP/MPLS metro IP/MPLS backbone SONET/SDH Aggregation point End-to-end Ethernet service Alcatel-Lucent Service Router Ethernet OAM Application Note 1

1.2 Importance of well-architected OAM tools For value-added Ethernet services, a comprehensive OAM toolkit is a must. Given the distinctive technology and business models in service provider networks and the varied range of always-on service offerings, adopting a poorly architected OAM toolkit one that lacks service and network diagnostics can adversely impact the overall operations. Failure to implement a well-architected set of OAM tools in a large network could result in: Violation of service level agreements (SLAs) which could lead to the breach of service agreements and eventually, refunds to customers. With oversubscription built into most service provider networks, a careful network design is often not enough to guarantee a stringent SLA. This is where a well-architected Ethernet OAM toolkit becomes necessary, to automate the verification of SLAs between remote locations. Inability to foresee a network degradation Often before a link failure, a telltale sign emerges. For example, overheating and weakening signal integrity are signs that a component is about to fail. The only way to detect such a problem is with proactive monitoring. An automated OAM tool that generates alerts whenever established thresholds are crossed can provide the ability to monitor the health of interconnections. Difficulty in determining the status of a connection Connectivity is the basis of all service offerings; however, in a complex network with several transport layers and protocol overlays, path failure can occur on both the forwarding (data) plane as well as the control plane. OAM tools that provide an in-depth look into these layers and test both planes are critical components for troubleshooting. Difficulty in preserving a uniform service over a large network Provisioning and maintaining a service to thousands of subscribers poses not only logistical challenges but also strains the network to a level never before tested. As the network grows in scale, so does OAM complexity. To preserve the same efficiency and quality of services, service providers have to rely on a wellarchitected and intuitive OAM framework. This framework should include high-level graphical OAM management that enables the service provider to automate the synchronization of the different OAM tools. The OAM tools must enable constant monitoring of network health, pinpoint failed links, and alert the network administrator of any problems in real time via an easy-to-use graphical user interface (GUI). Alcatel-Lucent provides comprehensive unified OAM management support at both the network management system/operations support system (NMS/OSS) and SR levels that has been specifically designed to automate the management of large networks. The Alcatel-Lucent 5620 Service Aware Manager (SAM) and Alcatel-Lucent 5650 Control Plane Assurance Manager (CPAM) can collect real-time information on all critical devices, network tunnels, connectivity services and control plane health, and correlate different events into a meaningful report. 2. Alcatel-Lucent Service Router OAM toolkit The scope of this application note covers OAM mechanisms relevant to VLL and VPLS services, tunnel paths, the underlying physical Ethernet interface and optics. Given the Ethernet services and network scope, this application note excludes OAM tools for legacy services such as TDM, Frame Relay, ATM and IP. The Alcatel-Lucent Service Router-based services network provides a comprehensive set of OAM tools that facilitates day-to-day maintenance and troubleshooting of diverse network infrastructures. As the acknowledged leader in transforming IP/MPLS networks, Alcatel-Lucent excels in rolling out MPLS/VPLS-based Ethernet services to carriers worldwide. Alcatel-Lucent has drawn on its extensive experience to develop innovative tools targeted specifically at troubleshooting the Ethernet services network. Almost all the supported tools are standards-based, and others have been developed by Alcatel-Lucent to address key problem areas in carrier networks efficiently. 2 Alcatel-Lucent Service Router Ethernet OAM Application Note

The Alcatel-Lucent Service Router1 Ethernet OAM toolkit is extensive and includes different levels of OAM tools. The first level includes the network and service OAM tools, which serve as the foundation for fault notification and service verifications. The second level focuses on service assurance and includes the Service Assurance Agent (SAA) and service mirroring features for performance monitoring and in-depth traffic analysis. 2.1 Network and service OAM In the context of this paper, network OAM tools include physical and service level tests. The OAM building blocks for native Ethernet networks include: Digital diagnostic monitoring (DDM) IEEE standard 802.3ah Ethernet in the First Mile (EFM) IEEE standard 802.1ag Connectivity Fault Management (CFM) For IP/MPLS-enabled networks, essential network tunnel OAM tools are added. These include: Label switched path (LSP) ping LSP trace Virtual Connectivity Check Verification (VCCV) ping VCCV traceroute Pseudowire emulation (PWE3) tag, length, value (TLV) status notification for end-to-end VLL fault notifications. In addition to the network OAM tools, service providers need service OAM tools to verify media access control (MAC)-table forwarding and the operational status of customer devices. These tools include the 802.1ag CFM for Ethernet connectivity and VLL/VPLS service, VPLS MAC ping and VPLS trace for Ethernet service over IP/MPLS networks. Figure 2 illustrates different types of OAM tools in an Ethernet services network. Figure 2. Ethernet OAM tools in different packet architectures Optical OAM IP/MPLS service OAM Native Ethernet OAM TDM OAM Data Video Voice Data Video Voice Data Video Voice Data Video Voice IP IP IP IP 802.1ag OAM Connectivity fault management VPLS service OAM VPLS connectivity, 802.1ag OAM 802.1ag OAM Connectivity fault management 802.1ag OAM Connectivity fault management PPP over SONET/SDH Ethernet LSP and VCCV OAM MPLS path connectivity 802.3ah OAM Ethernet link 802.3ah OAM Ethernet link Optical transport 802.3ah OAM Ethernet link Optical link TDM transport Optical link DDM OAM optical link 1 The Alcatel-Lucent Service Router product portfolio includes the Alcatel-Lucent 7750 Service Router (SR), Alcatel-Lucent 7710 SR, and Alcatel-Lucent 7450 Ethernet Service Switch (ESS). Alcatel-Lucent Service Router Ethernet OAM Application Note 3

2.2 Service assurance using mirroring and the Service Assurance Agent With the massive volumes of voice, video, data and application traffic traversing packet networks, service providers are challenged to support real-time applications reliably. To maintain the integrity and quality of media-rich and business-critical content over Ethernet networks, service providers need OAM tools that help them assure network health and the quality of SLAs for every customer and every service. Recognizing this need, Alcatel-Lucent has integrated real-time OAM tools in the Alcatel-Lucent Service Router. With the support of service mirroring and the SAA, a service provider can proactively identify deteriorating application performance and implement immediate corrective actions. As the name implies, service mirroring is a feature that allows an Alcatel-Lucent Service Router to monitor any individual or aggregate Layer 2/Layer 3 traffic flows, based on addresses, types of services and customer identities, on a real-time basis. Service mirroring allows the operator to view a customer s packet from a central location as it traverses the network. Traditionally, this feature is provided by costly network probes. When coupled with the Alcatel-Lucent 5620 SAM, the collected real-time data can provide an in-depth analysis of different services. Section 8 of this paper discusses service mirroring in detail. To complement service mirroring, which provides a user-definable traffic analysis tool, the Alcatel- Lucent Service Router also offers a service assurance feature to measure SLA performance. The SAA is a hardware-embedded feature that enables service providers to monitor various real-time metrics, including round-trip response time, connect time, packet loss, application performance, and inter-packet delay variance (jitter). Periodic execution of the SAA emulates real-world scenarios. When low and high alarm thresholds are crossed, the SAA will initiate alarms to the network management application. The SAA operates on two-way timing. The two-way time measures requests from one node to another. Leveraging standard OAM tools, such as pings and traceroutes for LSPs and VCCVs, the Alcatel- Lucent Service Router inserts timestamps on several sampled packets as they exit the node. For the returned trip, timestamps are associated with the IP address of the originator to prevent erroneous readings of other timestamps inserted by different routers. The resulting ping and traceroute replies measure the overall latency, jitter and packet loss to confirm proper enforcement of customer SLAs. As with any other hardware-based service, the SAA runs in the background and regularly collects network information, without impacting performance. In addition to round-trip time measurements, SAA enhancements include support for one-way tests and other performance tests using Internet Control Message Protocol (ICMP) pings, ICMP traceroutes, Domain Name System (DNS) and Dynamic Host Control Protocol (DHCP) messages. 3. Digital diagnostic monitoring (DDM) OAM tool for SFPs and XFPs 3.1 Overview To expand its OAM capability to the lowest transport level, Alcatel-Lucent supports DDM-enabled small form-factor pluggable (SFP) and 10 Gb/s small form factor pluggable (XFP) optics. The DDM capability is available with the gigabit Ethernet (GbE) coarse/dense wavelength division multiplexing (CDWDM) SFP and 10-gigabit (10-GbE) DWDM XFP pluggable optical transceivers. Implemented in accordance with the SFF-8472 industry-standard, Alcatel-Lucent DDM is compatible with other vendors optical transceivers. 4 Alcatel-Lucent Service Router Ethernet OAM Application Note

DDM enables a network operator to view the health of the most common and widely-used optical transport layer. The DDM data provides the Alcatel-Lucent Service Router Operating System (SR OS) with the ability to track critical optical parameters and trigger alarms in real time. 3.2 Features and applications DDM OAM tool capabilities include: Optic degradation monitoring DDM monitors temperature, supply voltage, transmit (TX) bias, TX output power and receive (RX) optical power. The collected information triggers various user-programmable warning and alarm thresholds. Physical level analysis As a transport level OAM tool, DDM enables an operator to make informed decisions when analyzing the network s performance, which could result in a cost-saving decision to dispatch an optical repair technician or to escalate the troubleshooting further to a router engineer. 4. IEEE 802.3ah Ethernet in the First Mile (EFM) OAM 4.1 Overview IEEE has ratified two Ethernet OAM standards: IEEE 802.3ah and IEEE 802.1ag. As with most IEEE working groups, the standards focus on the physical and connectivity layers of Ethernet. The first standard, IEEE 802.3ah OAM, is part of a bigger 802.3ah standard, designed to deliver Ethernet in the first mile. 802.3ah EFM enables Ethernet service delivery over voice-grade copper or TDM access, with optional multipair aggregation for 10 Mb/s Ethernet access. The second standard, IEEE 802.1ag CFM is physical transport agnostic and, delivers provider, operator and customer domain level connectivity fault management. IEEE 802.1ag support is described in the next section. Unlike IP-based OAM protocols that can cross different service provider domain boundaries, the 802.3ah EFM and 802.1ag CFM OAM mechanisms are domain-specific. The OAM messages can only be processed within the local network domains to which they belong. 4.2 Features and applications The Alcatel-Lucent Service Router provides complete support for 802.3ah EFM OAM, including: Discovery This feature enables the automatic detection of a remote compatible device. Once detected, both devices will initiate the OAM information such as OAM protocol data unit (PDU) size, loopback support and active or passive modes. Active and passive modes In active mode, the local device initiates the discovery, PDU initiation, event notification and loopback information collection. In passive mode, the remote device is the initiator. Remote failure indicator This feature enables several fault detectors, including the imminent shutdown of a remote device due to a power failure and a remote device connectivity fault as the result of a signal loss on the local RX port. Loopback detection and remote loopback Loopbacks can be used for pre-rollout link-level integrity confirmation. 802.3ah EFM OAM provides a remote control capability through the link-layer loopback mode with the OAM PDUs initiating remote port commands. During the loopback operation, all higher layer features will be temporarily disabled. OAM PDU tunneling Unique to the Alcatel-Lucent Service Router, the 802.3ah EFM OAM implementation overcomes the physical and domain boundaries imposed by the standard. With the Alcatel-Lucent Service Router, 802.3ah OAM PDUs can tunnel across transit networks that belong to other service providers. Alcatel-Lucent Service Router Ethernet OAM Application Note 5

5. IEEE 802.1ag Connectivity Fault Management (CFM) OAM 5.1 Overview Businesses subscribe to widely deployed and proven VLL (E-Line) and VPLS (E-LAN) services offered by carriers for regional, inter-metro, national and international connectivity. E-Line and E-LAN services are Metro Ethernet Forum (MEF) terms that refer to Layer 2 point-to-point and multipoint transparent LAN services (TLS). These services offer the seamlessness and transparency of a LAN, without any routed IP traffic processing. However, to manage these carrier services effectively, Ethernet OAM functions for MAC-level fault detection need to be ubiquitous and agnostic to the underlying physical transport. Also, they should be capable of crossing different service provider boundaries. The IEEE 802.1ag CFM standard addresses this need. The IEEE 802.3ah EFM OAM standard focuses on the physical access. The 802.1ag CFM OAM standard complements this by focusing on Ethernet OAM capabilities at the domain level. The 802.1ag CFM supports MAC-level fault detection using well-known MAC addresses. For the OAM messages to pass through, every device on the path of that OAM domain must support 802.1ag CFM. In addition to common OAM messages for MAC-level detection of connectivity faults and customer service verifications, the IEEE standard overcomes the typical limitations inherent in many Ethernet OAM approaches. The 802.1ag CFM standard has the ability to run OAM in-band on a per-customer VLAN basis using the associated MAC address. A network operator can initiate OAM messages to multiple targets (also known as the maintenance endpoints or MEPs) within a single VLAN or to a single dedicated target in each VLAN to determine the integrity of MAC forwarding tables. Another important feature is the hierarchical domain support that enables the 802.1ag CFM to operate as both the on- and off-net OAM protocol across different service provider networks. For the best separation of domain responsibilities, the 802.1ag CFM OAM standard supports the following hierarchies (as shown in Figure 3): Customer domain, that is, where the customer edge (CE) equipment resides Provider domain or carrier domain Operator domains, that is, the intra-carrier sub-domains within the provider domain Figure 3. 802.1ag CFM OAM standard domains 7210 SAS-E CE 1 Ethernet/ MPLS IP/MPLS network Native Ethernet 7210 SAS-E CE 2 PE 1 PE 2 Operator domain Operator domain Operator domain Provider domain Customer domain MIP MEP 6 Alcatel-Lucent Service Router Ethernet OAM Application Note

As interior domains, the operator and provider domains block any 802.1ag CFM messages from exiting pre-defined domain boundaries. On the other hand, the customer domains are considered exterior domains, and are therefore capable of tunneling any 802.1ag CFM messages through the interior domains. 5.2 Features and applications The 802.1ag CFM OAM supports many different applications, such as: On-demand and continuous connectivity checks Path confirmations that validate the MAC table forwarding End-to-end pre-rollout connectivity assurance, from the service provider network to the customer premises The Alcatel-Lucent Service Router supports the followings 802.1ag CFM OAM messages: Continuity check (CC) messages These are heart-beat messages exchanged periodically between MEPs. These allow for the discovery of other MEPs within a domain. A user can configure this message to run continuously and send an alert when it detects a fault. Loopback message or MAC ping These are useful to check connectivity. The look and feel of MAC ping is similar to that of the IP ping command. The MAC ping command uses a VLAN ID and a MAC address as the parameters. MAC traceroute message Unlike the CC signals, which can be enabled to beacon continuously, the traceroute signal is sent on demand. The MAC traceroute command uses a VLAN ID and a MAC address as the parameters to trace the path to another maintenance point (MEP) in the domain. 6. MPLS Path and PWE3 OAM 6.1 Overview As the transformation to MPLS-based Carrier Ethernet networks gains momentum, MPLS OAM has become critical for maintaining service levels. A converged MPLS core network allows global reach and connectivity between MPLS/VPLS metros, with flexible access networks. A full suite of control and data standards for VPLS, VLL, Circuit Emulation Service over Packet Switched Network (CESoPSN) and Structure Agnostic TDM over Packet services allows standards-based service delivery of Ethernet, Frame Relay, ATM and even TDM over IP/MPLS. IP/MPLS supports any underlying physical media, including both Ethernet and legacy media types. This is how the Alcatel-Lucent Service Router provides an industry-leading Ethernet service delivery solution on a Terabit platform, regardless of the varied underlying physical transport. Consistent with the goal to provide the most comprehensive MPLS path and circuit OAM tools, the Alcatel-Lucent Service Router provides comprehensive data plane and control plane verifications. For this section, the MPLS OAM tools are subdivided into two groups: MPLS OAM tools and pseudowire emulation edge to edge (PWE3) OAM tools. (The latter are also known as VLL OAM tools.) The MPLS OAM tools include LSP ping and LSP trace. The PWE3 OAM tools include VCCV ping, VCCV traceroute and pseudowire status TLV signaling. With the LSP ping and LSP trace, a network operator can easily detect the following: LSP misrouting or loss of path, isolated configuration faults and packet forwarding faults on any point in the IP/MPLS network. Alcatel-Lucent Service Router Ethernet OAM Application Note 7

Similarly, the VCCV tests verify a single virtual channel or pseudowire inside an LSP tunnel. With VCCV ping as a complement to LSP ping and LSP trace, a network operator has the ability to localize a connectivity fault on an emulated pseudowire service within an LSP tunnel. 6.2 IP/MPLS OAM tool features and applications LSP ping and traceroute detect data plane failures in LSPs by verifying whether the packet reaches the label edge router (LER) and by providing the hop-by-hop destination path of the LSP. The Alcatel-Lucent Service Router supports the followings OAM messages: LSP ping Modeled after the familiar ICMP ping, LSP ping is an in-band OAM tool. For a given forwarding equivalence class (FEC), LSP ping can begin LSP path verification from the local ingress LER to the final egress LER. LSP trace To complement LSP ping, LSP trace tests the MPLS label switched router (LSR) control plane. LSP trace packets localize faults in an MPLS LSP tunnel by testing an LSP path across any transit LSRs, from the ingress LSR to the final egress LSR. LSP trace supports various parameters to enable fine-grain control, including the number of LSR hops, options between unidirectional or bidirectional traces, and selection of any specific egress paths in a multi-egress Equal Cost Multipath Protocol (ECMP) environment. Both LSP ping and LSP trace can test a tunnel setup by Label Distribution Protocol (LDP), LDP over Resource Reservation Protocol (LDPoRSVP) and even Generic Routing Encapsulation (GRE). As tunnel verification tools, all forwarding plane and data plane OAM packets are kept within the service provider network and not forwarded to the customer. 6.3 PWE3 OAM tool features and applications PWE3 OAM tools include: VCCV ping VCCV ping is used to check connectivity of a pseudowire within an LSP tunnel. As an in-band OAM tool, VCCV ping sends messages using the same encapsulation and along the same path as user packets in that pseudowire. Pseudowire Status TLV Designed to provide end-to-end fault notifications with the ability to translate the pseudowire status notification into the native OAM protocol of the access circuit (that is ATM OAM, Frame Relay local management interface (LMI), Ethernet Access. 6.3.1 VCCV ping The Alcatel-Lucent Service Router supports VCCV ping over both a single-segment pseudowire and a multi-segment pseudowire (as shown in Figures 4 and 5). With the growing numbers of interdomain MPLS deployments using pseudowires to transport Ethernet, Frame Relay, ATM and TDM traffic, multi-segment pseudowires enable carriers to deliver highly scalable and reliable PWE3 services through efficient signaling in very large services networks. Figure 4. VCCV ping in a single-segment pseudowire environment VCCV echo request VCCV echo reply 7210 SAS-E CE 1 Pseudowires PE 1 PE 2 7210 SAS-E CE 2 8 Alcatel-Lucent Service Router Ethernet OAM Application Note

Figure 5. VCCV ping in multi-segment pseudowire environment 7210 SAS-E CE 1 Pseudowires Pseudowires 7210 SAS-E CE 2 PE 1 S-PE PE 2 VCCV echo request VCCV echo request Segment VCCV ping VCCV echo reply End-to-end VCCV ping VCCV echo reply The Alcatel-Lucent Service Router supports a new draft as defined in draft-hart-pwe3-segmented pw-vccv-xx.txt that uses multi-segment pseudowire switching as a method to scale a large VLL or VPLS network. In a single-segment VCCV ping, when a VCCV ping is exchanged between provider edge (PE) nodes, the following actions occur: PE1 sends a VCCV echo request to test the FEC at PE2 PE2 replies with a VCCV echo reply VCCV ping in a multi-segment pseudowire involves a more sophisticated operation. In a multi-segment pseudowire network, transparent pseudowire switching needs to occur. As Figure 5 shows, PE1 and PE2 are where the pseudowires originate and terminate. However, with the support of multi-segment pseudowires, PE1 includes a new multi-segment pseudowire control word. The control word informs the switched PE (S-PE) to switch and cross-connect two spoke pseudowires. 6.3.2 Status TLV Status TLV is a status field inside a T-LDP that allows a PE node to notify a remote peering PE of a pseudowire fault or an attachment circuit fault. By sending a pseudowire Status TLV in an LDP notification message, instead of a signal to withdraw the pseudowire labels, it preserves the operational status of existing labels. As an example, in a scenario where a service provider deploys an ATM pseudowire across the IP/MPLS backbone and a fault is detected on one of the ATM access links, the pseudowire Status TLV will trigger a fault notification to the remote peering PE. The received fault will cause the remote peering PE to trigger a sequence of actions related to the attachment circuit, including the notification of the attached CE device. In summary, as an end-to-end fault notification mechanism, pseudowire Status TLV significantly reduces label churn in the network and improves network stability. Alcatel-Lucent Service Router Ethernet OAM Application Note 9

7. VPLS MAC OAM 7.1 Overview VPLS is the de-facto architecture for providing industry-leading multipoint Ethernet services for residential, business and mobile applications. VPLS has enabled vast revenue opportunities for carriers, with a proven steady stream of revenue. Due to the fast growth of VPLS deployments with continued strong demand from service providers, the older legacy TLS circuits in limited regions are gracefully fading away in favor of VPLS-based Ethernet service architectures. The difference between a TLS that is based on legacy technologies and one based on VPLS is that the latter supports standards-based service delivery attributes, such as traffic engineering, reliability, sub-50 ms protection and integrated management. VPLS overcomes the serious challenges associated with legacy technologies, making it viable for service providers to maintain Ethernet services. Because of these proven standards-based service delivery benefits, it now tops the delivery of multipoint Ethernet services in carrier networks, world-wide. The Alcatel-Lucent Service Router provides VPLS MAC OAM tools specifically to isolate VPLS service faults. The VPLS MAC OAM tool has the ability to run OAM tests in-band on a per-service basis. A network operator can initiate OAM messages to multiple targets within a single VPLS instance to determine the integrity of the MAC virtual service instances on VPLS devices and the operational status of equipment at the customer s premises. 7.2 Features and applications The Alcatel-Lucent Service Router supports the following VPLS messages: MAC ping MAC ping is based on the same principles as IP ping, which tests connectivity between two points in the network. With MAC ping, the test is used to detect connectivity between VPLS and/or native Ethernet devices. (See Section 7.2.1 for more information on MAC ping.) MAC trace A MAC trace provides the ability to trace a specific MAC address through the network, hop by hop, and is used to discover the topology of the network. The MAC trace report indicates the route customer packets would take through the network. (See Figure 6.) CPE ping The CPE ping is an extension of the MAC ping OAM tool. This tool allows end-to-end testing of network connectivity all the way to the customer premises. MAC populate A MAC populate command introduces a MAC address that is flagged as an OAM-only entry in the MAC-address table. This address cannot be used for forwarding customer packets. MAC populate allows a network operator to check the accuracy of the MAC address table by verifying the correctness of the forwarding plane. MAC purge The opposite of MAC populate, the MAC purge tool removes MAC addresses that are installed using the MAC populate command. This allows a network operator to perform a controlled OAM test without the MAC learning that is introduced by customer packets. Figure 6. VPLS MAC trace verifies service topology 7210 SAS-E VPLS mesh VB 7210 SAS-E RESPONSE TRACEROUTE MAC-E1 CE 1 REQUEST TRACEROUTE MAC-E1 TTL=3 PE 1 PE 2 RESPONSE TRACEROUTE MAC-E1 RESPONSE TRACEROUTE MAC-E1 CE 2 router MAC-E1 10 Alcatel-Lucent Service Router Ethernet OAM Application Note

7.2.1 MAC ping A MAC ping packet is formatted exactly like a customer packet and therefore follows the same forwarding topology of a customer s VPLS service. Originating and terminating inside the provider network, MAC ping packets can be distinguished from regular customer traffic and are not forwarded to the customer network. Using MAC ping, a network operator can determine if traffic is flowing for a given customer MAC address and can verify that MAC addresses have been properly learned throughout the network. (See Figure 7.) Figure 7. VPLS MAC ping verifies customer connections RESPONSE VPLS SVC ID 101 PING MAC-E1 VPLS mesh VB 7210 SAS-E CE 1 7210 SAS-E 7210 SAS-M PE 1 PE 2 CE 2 router MAC-E1 REQUEST VPLS SVC ID 101 PING MAC-E1 8. Layer 2 and Layer 3 service mirroring 8.1 Overview To manage a network effectively, service providers need to be able to perform an in-depth forensic audit of the network traffic. One way to accomplish this is to put an overlay of network probes or traffic analyzers at multiple aggregation routers. For skilled technicians, a constant stream of Layer 2 and/or Layer 3 data that is sifted through a complex set of filters can provide a wealth of information on the nature of the network. In addition to traffic analysis, service mirroring gives service providers the ability to generate new revenue through flexible billing options based on a subscriber s usage pattern. Subscriber usage information can be fed into a third-party billing application. With detail information on network usage for every subscriber, billing can be based on a flat rate, per-subscriber bandwidth usage, or even per-subscriber application usage. Another possible billing option is to set tiered rates. Consumption beyond pre-set maximums can go into a different tier and incur higher charges. This type of billing is currently used by utility companies. Recognizing the needs for advanced off-site troubleshooting through traffic analysis and additional billing options, the Alcatel-Lucent Service Router integrates this function with service mirroring. Service mirroring enables deep and flexible traffic inspections via data-plane mirroring. Using an ASIC-based implementation, service mirroring can feed a constant stream of customer traffic and network control traffic to a central unified management system, such as the Alcatel-Lucent 5620 SAM, for more in-depth analysis and/or billing. Alcatel-Lucent Service Router Ethernet OAM Application Note 11

Figure 8. Troubleshooting with service mirroring IP/MPLS core Customer traffic 7210 SAS-E 7210 SAS-E CE 1 IP/MPLS Metro IP/MPLS Metro CE 2 Mirrored traffic PE 1 PE 2 Unified management with network analyzer 8.2 Features and applications Service mirroring has been purpose-built to provide the critical Layer 2 and Layer 3 data-plane mirroring capability that service providers need to effectively support the demanding environment of converged networks effectively (see Figure 9). This data-plane mirroring capability includes: User-defined service mirroring Supports mirroring on a per-subscriber, per-service, per flow and per-network basis. The flows can be classified using a variety of filters, which may include IP address, MAC address and flow type. Service mirroring collection points can be subscriber facing or network facing. Full content mirroring The mirroring capability supports full content mirroring, which includes signaling, routing and switched data traffic. Local and remote mirroring The Alcatel-Lucent Service Router supports both local and remote traffic mirroring. A variety of tunnel options including GRE and LSP tunnels, are available to tunnel mirrored traffic across the network. Layer 2 and Layer 3 service mirroring The Alcatel-Lucent Service Router supports simultaneous service mirroring of both routed (Layer 3) and switched (Layer 2) services, including virtual private routed network, Internet Enhanced Service (IES), VLL and VPLS. Figure 9. Target- and classification-based mirroring over GigE VoIP VLAN Mirror just VoIP for subscriber 1 Video VLAN Gold Bronze On-net HSI VLAN GigE Mirror Ethernet traffic matching MAC Mirror whole VLAN 1 Mirror IP traffic matching IP address a.b.c.d. Mirror just HSI for subscriber 2 Mirror whole GigE port 12 Alcatel-Lucent Service Router Ethernet OAM Application Note

9. Service ping OAM 9.1 Overview Most foundational optics-based Ethernet link, network path and service connectivity OAM tools are discussed in the previous sections. This section is dedicated to an OAM tool that is unique to the Alcatel-Lucent Service Router. The service ping OAM tool eases service provisioning with the ability to detect a provisioning configuration mismatch between two peering Alcatel-Lucent Service Routers and to verify the operational status of a customer service using a single OAM command. For maximum flexibility, the service ping can operate on any tunnels created by both IP/MPLS and GRE/IP. Service ping is different from most ping-based OAM tools. Instead of displaying test results from an egress device only, the service ping is an intelligent OAM tool that derives information from both the local and remote Alcatel-Lucent Service Routers to provide end-to-end visibility of individual services. 9.2 Features and applications In many service provisioning scenarios, setting up the correct configurations end to end is not sufficient on its own. Before a service is green-flagged as ready for a customer, additional confirmation steps are necessary. Service ping addresses this need, with the following capabilities: Configuration alignment Unlike most ping-based tests that display minimal information between two endpoints, the service ping extends the typical ping with comprehensive reporting from two peering Alcatel-Lucent Service Routers. With this approach, a network manager can easily check if all authorized peering devices are seen by the local device and correct any configuration mismatches that could lead to forwarding and control path errors. Service status A service outage can also be caused by incorrect software pre-sets. As a comprehensive ping tool, service ping checks that the correct administrative rights are enabled and the service is bound to the correct network tunnel. Initiating a service ping command requires two parameters the remote Alcatel-Lucent Service Router IP address and the service ID. The sequence of tests starts with the local Alcatel-Lucent Service Router executing a collection of tests as shown in Figure 10. Figure 10. Alcatel-Lucent service ping OAM Service ping Router interface tests Service mirroring Per-customer interface tests Tunnel tests Service tests VPLS service VLL service 10.10.02.XX/24 VPLS service VLL service SR_1 IP: 10.10.10.171 SR_2 IP: 10.10.10.172 VPLS service-id 99 Alcatel-Lucent Service Router Ethernet OAM Application Note 13

The tests check the following: Service type (VPLS, VLL or service mirroring) Service operational status Service maximum transmission unit (MTU) Customer service ID Terminating IP address on the Alcatel-Lucent Service Router The remote tunnel ID status Associated downstream and upstream LSP labels of the remote Alcatel-Lucent Service Routers How the LSP labels are established (statically configured or dynamically signaled?) Upon completion of the local Alcatel-Lucent Service Router platform s tests, service ping proceeds to probe the remote Alcatel-Lucent Service Router. The test results from the local and remote Alcatel-Lucent Service Routers are shown in Figure 11. Figure 11. Sample service ping results 10. Unified management with Alcatel-Lucent 5620 SAM and 5650 CPAM To complete the OAM framework, Alcatel-Lucent provides graphical OAM management, via the Alcatel-Lucent 5620 SAM and Alcatel-Lucent 5650 CPAM (as shown in Figure 12). Architected as a unified management system, the combination offers easy point-and-click operation, intuitive OAM tools, on-demand service testing, automated SLA verification and final reporting. Using the Alcatel-Lucent 5620 SAM Assurance module (SAM-A) as a fault management system, a service provider can identify and resolve network problems through correlations of alarms, faults and losses of service. The Alcatel-Lucent 5620 SAM-A interfaces directly with Alcatel-Lucent Service Router OAM features, such as service ping, MAC ping, 802.3ah EFM, the LDP ECMP OAM tool, the Bidirectional forwarding detection-based OAM tool and service mirroring. 14 Alcatel-Lucent Service Router Ethernet OAM Application Note

Figure 12. Unified management architecture with Alcatel-Lucent 5620 SAM and 5650 CPAM Unified management SAM-O and CPAM-O OSS 5620 SAM Service mgmt customer OAM Network mgmt connectivity OAM 5650 CPAM Metro and Ethernet service aggregation Multiservice edge Element mgmt device OAM IP signal mgmt routing plane OAM IP/MPLS core IP/MPLS Metro 7701 CPAA PE 7701 CPAA With service mirroring, the Alcatel-Lucent 5620 SAM-A can also collect test data from different network tunnels, port traffic and subscriber information. The collected data can be exported seamlessly to third-party applications through the standards-based Northbound Interface of the Alcatel-Lucent 5620 SAM OSS Interface module (SAM-O). In addition to the Alcatel-Lucent 5620 SAM-A, Alcatel-Lucent provides two other powerful OAM tools the Alcatel-Lucent 5620 SAM Test Manager and the service-aware Fault Management tool. Together these tools offer comprehensive service fault management, service impact analysis and service topology map features to reduce the mean time to repair and SLA penalties. The Alcatel-Lucent 5620 SAM Test Manager orchestrates the generation of tests for individual services or a group of services running on different LSPs. On-demand service OAM testing can be easily defined and performed throughout the entire network in three steps: create a test policy, choose a network or service target, and run the tests (see Figure 13). Figure 13. Fully automated, on-demand Ethernet OAM testing Alcatel-Lucent Service Router Ethernet OAM Application Note 15

11. Conclusion The Alcatel-Lucent 5620 SAM test suite can regularly report on network and service health based on flexible criteria such as latency, delay and packet loss. It can also proactively generate thresholdcrossing alarms to alert operators when gradual or momentary SLA metric violations are detected. The Alcatel-Lucent 5650 CPAM is a software application that manages the IP routing layer. It offers real-time control plane visualization, proactive control plane surveillance, configuration validation, and control plane diagnosis. In addition, through seamless integration with the Alcatel-Lucent 5620 SAM, the Alcatel-Lucent 5650 CPAM provides simplified diagnosis and intuitive visualization of the IP/MPLS infrastructure and its corresponding IP routing plane. Service providers need an effective Ethernet OAM toolkit to elevate their VLL (E-Line) and VPLS (E-LAN) service network operations to a new level of operational efficiency that will ultimately result in unprecedented simpli fication and cost-reductions. A well-architected OAM toolkit will enable the service provider to rapidly diagnose network faults, detect component degradation early and automate processes to isolate network-induced errors. While smooth network operations are critical, in today s competitive market, service providers need even more from their management system. They need to be able to surpass the competition by rolling out services quickly and offering an enhanced customer experience. With these goals in mind, the Alcatel-Lucent Service Router supports a comprehensive OAM toolkit, with tools for testing and assuring the Ethernet interface and network tunnel path, as well as the VPLS and VLL services that are an integral part of residential, business and mobile solutions (see Figure 14). Alcatel-Lucent provides a robust and extensive set of tools focused on the operation of the existing VPLS and VLL service network as well as those to assist service providers with the migration from a legacy circuit network to an MPLS/VPLS-based service network. The comprehensive Alcatel-Lucent OAM toolkit includes: Standard implementations of Ethernet-focused OAM tools for connectivity checks and faultdetections that can span across all network layers, including access, metro aggregation and IP/MPLS backbone. Comprehensive OAM tools for physical interface and service layers, from network tunnel tests to in-band service tests for customer service verifications. Industry-leading service and performance analysis with integrated service mirroring and service assurance. Service mirroring that delivers analyzed data without any performance impact, and which is flexible enough to continually evolve to support the complex service provider environment. Service assurance that can detect any impending issues and proactively monitor the health of different services in the networks by analyzing the packet delay, jitter and loss. Integration with centralized unified management tools, such as the Alcatel-Lucent 5620 SAM and Alcatel-Lucent 5650 CPAM, to simplify network operation and enable a service provider to conduct real-time detailed forensic audits and quick correlations of network events. The Alcatel-Lucent Service Router-based MPLS/VPLS architecture provides a comprehensive OAM toolkit that enables carriers to assure strict SLAs for their customers. The past challenges that prevented Ethernet from serving as a viable alternative to circuits are addressed by the Alcatel- Lucent Service Router OAM capabilities and performance. Alcatel-Lucent offers a comprehensive Ethernet OAM solution through the integrated OAM tools and unified management capabilities of the Alcatel-Lucent Service Router. The well-architected Ethernet OAM support helps service providers maintain operational efficiency so they can take advantage of the market opportunity that the ever-growing demand for MPLS/VPLS-based Ethernet services presents. 16 Alcatel-Lucent Service Router Ethernet OAM Application Note

Figure 14. Service Router Ethernet OAM Tools OAM category OAM feature Analysis tools Unified management Perfomance analysis Service analysis 5620 SAM, 5650 CPAM Service assurance Service mirroring Connectivity checks and fault detections Ethernet service tests Network tunnel tests For Ethernet 802.1ag CFM For MPLS/VPLS Service ping VPLS MAC, 802.1ag CFM, VCCV, PWE3 Status TLV, BFD MPLS LSP, BFD Link tests 802.3ah EFM 802.3ah EFM Optical DDM 12. Abbreviations 802.1ag CFM 802.3ah EFM ATM CC CE CESoPSN DDM DWDM ECMP FEC GRE HSI ICMP IEEE IES IETF IP LDP LER` LSP LSR MAC IEEE standard 802.3ah Connectivity Fault Management IEEE standard 802.3ah Ethernet First Mile Asynchronous transfer Mode Continuity check Customer edge Circuit Emulation Service over Packet Switched Network Digital diagnostic monitoring Dense wavelength division multiplexing Equal Cost Multipath Protocol Forwarding equivalence class Generic Routing Encapsulation High-speed Internet Internet Control Message Protocol Institute of Electrical and Electronics Engineers Internet Enhanced Service Internet Engineering Task Force Internet Protocol Label Distribution Protocol Label edge router Label switched path Label switched router Media access control) MEP MIP MTU NMS OAM OSS PWE PWE3 RX SFF SFP SLA SONET/SDH S-PE TDM TLS TX VCCV VLAN VLL VPLS XFP Maintenance endpoint Maintenance intermediate point Maximum transmission unit Network management system Operation, administration and management Operations support system Pseudowire emulation Pseudowire emulation edge to edge Receive Small form factor Small form-factor pluggable Service level agreement Synchronous Optical Network/Synchronous Digital Hierarchy Switched provider edge Time division multiplexing Transparent LAN services Transmit Virtual Channel Connectivity Verification Virtual local area network Virtual Leased Line Virtual Private LAN Services 10 Gigabit Small Form Factor Pluggable Alcatel-Lucent Service Router Ethernet OAM Application Note 17

www.alcatel-lucent.com Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein. Copyright 2009 Alcatel-Lucent. All rights reserved. CAR4688090118 (02)